Re: question about bind9 from a clueless paranoid
On Mon, 04 Apr 2011 07:13:57 -0600, Paul E Condon wrote:
> I'm running Wheezy on several i386 boxes. Over the weekend I installed
> bind9 and dhcp3-server on one of them. While starting to set up dynDNS,
> I noticed a comment in /etc/bind/named.conf.options (this is a file that
> had just been installed by the bind9 package):
>
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> I look at the page at the URL. It concerns poisoning of the DNS cache.
> Debian is listed as being vulnerable
It should not be vulnerable... at least wheezy:
http://www.kb.cert.org/vuls/id/MIMG-7ECL6S
> and my D-Link DI-604 as unknown
> vulnerability. The document dates from 2008, and my D-Link router was
> purchased in 2004. It seems serious to this somewhat clueless geezer so
> I decide to investigate further.
You can ask D-Link for a firmware update but I can guess the answer: "
your product has been discontinued, please, update (aka: buy) to another
supported one".
BTW, none of my routers are listed there ;-(
> But I can't find any information more recent than 2008 by googling.
> Surely there have been some more recent developments. What has happened?
> Surely something has happened, but I find nothing.
I remember it was a very commented notice when it was disclosed (that was
the Kaminsky's DNS bug, right?).
Greetings,
--
Camaleón
Reply to: